X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/dda964a76b486001f0debf38deb594ad7c13f416..005739f70a1d33ff4babbb3e6152fc6063aa480b:/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp diff --git a/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp b/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp index 03e30422..9d5d6e91 100644 --- a/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp +++ b/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp @@ -23,7 +23,7 @@ $Date: 2010/03/25 15:18:48 $ $Author: faust $ */ - + #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif @@ -55,10 +55,6 @@ extern volatile time_t stgTime; namespace { PLUGIN_CREATOR iac; - -void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password); -void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8); -void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8); } extern "C" PLUGIN * GetPlugin(); @@ -90,7 +86,7 @@ std::vector::const_iterator pvi; /////////////////////////// pv.param = "Port"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); -if (pvi == s.moduleParams.end()) +if (pvi == s.moduleParams.end() || pvi->value.empty()) { errorStr = "Parameter \'Port\' not found."; printfd(__FILE__, "Parameter 'Port' not found\n"); @@ -106,7 +102,7 @@ port = static_cast(p); /////////////////////////// pv.param = "UserDelay"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); -if (pvi == s.moduleParams.end()) +if (pvi == s.moduleParams.end() || pvi->value.empty()) { errorStr = "Parameter \'UserDelay\' not found."; printfd(__FILE__, "Parameter 'UserDelay' not found\n"); @@ -122,7 +118,7 @@ if (ParseIntInRange(pvi->value[0], 5, 600, &userDelay)) /////////////////////////// pv.param = "UserTimeout"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); -if (pvi == s.moduleParams.end()) +if (pvi == s.moduleParams.end() || pvi->value.empty()) { errorStr = "Parameter \'UserTimeout\' not found."; printfd(__FILE__, "Parameter 'UserTimeout' not found\n"); @@ -138,7 +134,7 @@ if (ParseIntInRange(pvi->value[0], 15, 1200, &userTimeout)) /////////////////////////// pv.param = "LogProtocolErrors"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); -if (pvi == s.moduleParams.end()) +if (pvi == s.moduleParams.end() || pvi->value.empty()) logProtocolErrors = false; else if (ParseYesNo(pvi->value[0], &logProtocolErrors)) { @@ -151,7 +147,7 @@ std::string freeMbType; int n = 0; pv.param = "FreeMb"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); -if (pvi == s.moduleParams.end()) +if (pvi == s.moduleParams.end() || pvi->value.empty()) { errorStr = "Parameter \'FreeMb\' not found."; printfd(__FILE__, "Parameter 'FreeMb' not found\n"); @@ -192,15 +188,13 @@ return 0; #ifdef IA_PHASE_DEBUG IA_PHASE::IA_PHASE() : phase(1), - phaseTime(), flog(NULL) { gettimeofday(&phaseTime, NULL); } #else IA_PHASE::IA_PHASE() - : phase(1), - phaseTime() + : phase(1) { gettimeofday(&phaseTime, NULL); } @@ -334,7 +328,7 @@ AUTH_IA::AUTH_IA() onDelUserNotifier(*this), logger(GetPluginLogger(GetStgLogger(), "auth_ia")) { -InitEncrypt(&ctxS, "pr7Hhen"); +InitContext("pr7Hhen", 7, &ctxS); pthread_mutexattr_t attr; pthread_mutexattr_init(&attr); @@ -486,7 +480,7 @@ while (ia->nonstop) { touchTime = stgTime; std::string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_r"; - TouchFile(monFile.c_str()); + TouchFile(monFile); } } @@ -514,7 +508,7 @@ while (ia->nonstop) // TODO change counter to timer and MONITOR_TIME_DELAY_SEC if (++a % (50 * 60) == 0 && ia->stgSettings->GetMonitoring()) { - TouchFile(monFile.c_str()); + TouchFile(monFile); } } @@ -530,6 +524,22 @@ if (ret) return ret; } //----------------------------------------------------------------------------- +int AUTH_IA::Reload(const MODULE_SETTINGS & ms) +{ +AUTH_IA_SETTINGS newIaSettings; +if (newIaSettings.ParseSettings(ms)) + { + printfd(__FILE__, "AUTH_IA::Reload() - Failed to reload InetAccess.\n"); + logger("AUTH_IA: Cannot reload InetAccess. Errors found."); + return -1; + } + +printfd(__FILE__, "AUTH_IA::Reload() - Reloaded InetAccess successfully.\n"); +logger("AUTH_IA: Reloaded InetAccess successfully."); +iaSettings = newIaSettings; +return 0; +} +//----------------------------------------------------------------------------- int AUTH_IA::PrepareNet() { struct sockaddr_in listenAddr; @@ -603,7 +613,7 @@ if (CheckHeader(buffer, sip, &protoVer)) char login[PASSWD_LEN]; //TODO why PASSWD_LEN ? memset(login, 0, PASSWD_LEN); -Decrypt(&ctxS, login, buffer + 8, PASSWD_LEN / 8); +DecryptString(login, buffer + 8, PASSWD_LEN, &ctxS); USER_PTR user; if (users->FindByName(login, &user)) @@ -612,7 +622,7 @@ if (users->FindByName(login, &user)) login, inet_ntostring(sip).c_str()); printfd(__FILE__, "User '%s' NOT found!\n", login); - SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ!"); + SendError(sip, sport, protoVer, IconvString("Неправильный логин.", "utf8", "koi8-ru")); return -1; } @@ -621,14 +631,14 @@ printfd(__FILE__, "User '%s' FOUND!\n", user->GetLogin().c_str()); if (user->GetProperty().disabled.Get()) { logger("Cannont authorize '%s', user is disabled.", login); - SendError(sip, sport, protoVer, "õÞÅÔÎÁÑ ÚÁÐÉÓØ ÚÁÂÌÏËÉÒÏ×ÁÎÁ"); + SendError(sip, sport, protoVer, IconvString("Учетная запись заблокирована.", "utf8", "koi8-ru")); return 0; } if (user->GetProperty().passive.Get()) { logger("Cannont authorize '%s', user is passive.", login); - SendError(sip, sport, protoVer, "õÞÅÔÎÁÑ ÚÁÐÉÓØ ÚÁÍÏÒÏÖÅÎÁ"); + SendError(sip, sport, protoVer, IconvString("Учетная запись заморожена.", "utf8", "koi8-ru")); return 0; } @@ -638,7 +648,7 @@ if (!user->GetProperty().ips.Get().IsIPInIPS(sip)) user->GetLogin().c_str(), inet_ntostring(sip).c_str()); logger("User %s. IP address is incorrect. IP %s", user->GetLogin().c_str(), inet_ntostring(sip).c_str()); - SendError(sip, sport, protoVer, "ðÏÌØÚÏ×ÁÔÅÌØ ÎÅ ÏÐÏÚÎÁÎ! ðÒÏ×ÅÒØÔÅ IP ÁÄÒÅÓ."); + SendError(sip, sport, protoVer, IconvString("Пользователь не опознан. Проверьте IP-адрес.", "utf8", "koi8-ru")); return 0; } @@ -649,11 +659,9 @@ int AUTH_IA::CheckHeader(const char * buffer, uint32_t sip, int * protoVer) { if (strncmp(IA_ID, buffer, strlen(IA_ID)) != 0) { - //SendError(userIP, updateMsg); printfd(__FILE__, "update needed - IA_ID\n"); if (iaSettings.LogProtocolErrors()) logger("IP: %s. Header: invalid packed signature.", inet_ntostring(sip).c_str()); - //SendError(userIP, "Incorrect header!"); return -1; } @@ -662,14 +670,12 @@ if (buffer[6] != 0) //proto[0] shoud be 0 printfd(__FILE__, "update needed - PROTO major: %d\n", buffer[6]); if (iaSettings.LogProtocolErrors()) logger("IP: %s. Header: invalid protocol major version: %d.", inet_ntostring(sip).c_str(), buffer[6]); - //SendError(userIP, updateMsg); return -1; } if (buffer[7] < 6) { // need update - //SendError(userIP, updateMsg); printfd(__FILE__, "update needed - PROTO minor: %d\n", buffer[7]); if (iaSettings.LogProtocolErrors()) logger("IP: %s. Header: invalid protocol minor version: %d.", inet_ntostring(sip).c_str(), buffer[7]); @@ -700,7 +706,7 @@ while (it != ip2user.end()) && (currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay()) { if (iaSettings.LogProtocolErrors()) - logger("User '%s'. Protocol version: %d. Phase 2: connect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay()); + logger("User '%s'. Protocol version: %d. Phase 2: connect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay().GetSec()); it->second.phase.SetPhase1(); printfd(__FILE__, "Phase changed from 2 to 1. Reason: timeout\n"); ip2user.erase(it++); @@ -744,7 +750,7 @@ while (it != ip2user.end()) if ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserTimeout()) { if (iaSettings.LogProtocolErrors()) - logger("User '%s'. Protocol version: %d. Phase 3: alive timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserTimeout()); + logger("User '%s'. Protocol version: %d. Phase 3: alive timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserTimeout().GetSec()); users->Unauthorize(it->second.user->GetLogin(), this); ip2user.erase(it++); continue; @@ -755,7 +761,7 @@ while (it != ip2user.end()) && ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay())) { if (iaSettings.LogProtocolErrors()) - logger("User '%s'. Protocol version: %d. Phase 4: disconnect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay()); + logger("User '%s'. Protocol version: %d. Phase 4: disconnect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay().GetSec()); it->second.phase.SetPhase3(); printfd(__FILE__, "Phase changed from 4 to 3. Reason: timeout\n"); } @@ -789,7 +795,7 @@ if (it == ip2user.end()) userPtr->GetLogin().c_str(), inet_ntostring(sip).c_str(), login.c_str()); - SendError(sip, sport, protoVer, "÷ÁÛ IP ÁÄÒÅÓ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!"); + SendError(sip, sport, protoVer, IconvString("IP-адрес уже сипользуется.", "utf8", "koi8-ru")); return 0; } } @@ -814,7 +820,7 @@ else if (user->GetID() != it->second.user->GetID()) it->second.user->GetLogin().c_str(), inet_ntostring(sip).c_str(), user->GetLogin().c_str()); - SendError(sip, sport, protoVer, "÷ÁÛ IP ÁÄÒÅÓ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!"); + SendError(sip, sport, protoVer, IconvString("IP-адрес уже используется.", "utf8", "koi8-ru")); return 0; } @@ -822,11 +828,12 @@ IA_USER * iaUser = &(it->second); if (iaUser->password != user->GetProperty().password.Get()) { - InitEncrypt(&iaUser->ctx, user->GetProperty().password.Get()); + const std::string & password = user->GetProperty().password.Get(); + InitContext(password.c_str(), password.length(), &iaUser->ctx); iaUser->password = user->GetProperty().password.Get(); } -Decrypt(&iaUser->ctx, static_cast(buff) + offset, static_cast(buff) + offset, (dataLen - offset) / 8); +DecryptString(static_cast(buff) + offset, static_cast(buff) + offset, (dataLen - offset), &iaUser->ctx); char packetName[IA_MAX_TYPE_LEN]; strncpy(packetName, static_cast(buff) + offset + 4, IA_MAX_TYPE_LEN); @@ -835,7 +842,7 @@ packetName[IA_MAX_TYPE_LEN - 1] = 0; std::map::iterator pi(packetTypes.find(packetName)); if (pi == packetTypes.end()) { - SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ ÉÌÉ ÐÁÒÏÌØ!"); + SendError(sip, sport, protoVer, IconvString("Неправильный логин или пароль.", "utf8", "koi8-ru")); printfd(__FILE__, "Login or password is wrong!\n"); logger("User's connect failed. User: '%s', ip %s. Wrong login or password", login.c_str(), @@ -853,7 +860,7 @@ if (user->IsAuthorizedBy(this) && user->GetCurrIP() != sip) login.c_str(), inet_ntostring(user->GetCurrIP()).c_str(), inet_ntostring(sip).c_str()); - SendError(sip, sport, protoVer, "÷ÁÛ ÌÏÇÉÎ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!"); + SendError(sip, sport, protoVer, IconvString("Логин уже используется.", "utf8", "koi8-ru")); ip2user.erase(it); return 0; } @@ -1077,7 +1084,7 @@ SwapBytes(info.len); char buffer[256]; memcpy(buffer, &info, sizeof(INFO_6)); -Encrypt(&user.ctx, buffer, buffer, len / 8); +EncryptString(buffer, buffer, len, &user.ctx); return Send(ip, iaSettings.GetUserPort(), buffer, len); } //----------------------------------------------------------------------------- @@ -1106,7 +1113,7 @@ info.text[MAX_MSG_LEN - 1] = 0; char buffer[300]; memcpy(buffer, &info, sizeof(INFO_7)); -Encrypt(&user.ctx, buffer, buffer, len / 8); +EncryptString(buffer, buffer, len, &user.ctx); return Send(ip, iaSettings.GetUserPort(), buffer, len); } //----------------------------------------------------------------------------- @@ -1135,7 +1142,7 @@ SwapBytes(info.sendTime); char buffer[1500]; memcpy(buffer, &info, sizeof(INFO_8)); -Encrypt(&user.ctx, buffer, buffer, len / 8); +EncryptString(buffer, buffer, len, &user.ctx); return Send(ip, user.port, buffer, len); } //----------------------------------------------------------------------------- @@ -1196,7 +1203,7 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1)) return -1; } } -printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd); +printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d, expected: %d\n", iaUser->phase.GetPhase(), connAck->rnd, iaUser->rnd + 1); if (iaSettings.LogProtocolErrors()) { if (iaUser->phase.GetPhase() != 2) @@ -1241,7 +1248,7 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1)) return -1; } } -printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd); +printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d, expected: %d\n", iaUser->phase.GetPhase(), connAck->rnd, iaUser->rnd + 1); if (iaSettings.LogProtocolErrors()) { if (iaUser->phase.GetPhase() != 2) @@ -1404,8 +1411,10 @@ for (int j = 0; j < DIR_NUM; j++) iaUser->rnd = static_cast(random()); connSynAck6.rnd = iaUser->rnd; -connSynAck6.userTimeOut = iaSettings.GetUserTimeout(); -connSynAck6.aliveDelay = iaSettings.GetUserDelay(); +printfd(__FILE__, "Sending CONN_SYN_ACK with control number %d.\n", iaUser->rnd); + +connSynAck6.userTimeOut = iaSettings.GetUserTimeout().GetSec(); +connSynAck6.aliveDelay = iaSettings.GetUserDelay().GetSec(); #ifdef ARCH_BE SwapBytes(connSynAck6.len); @@ -1414,7 +1423,7 @@ SwapBytes(connSynAck6.userTimeOut); SwapBytes(connSynAck6.aliveDelay); #endif -Encrypt(&iaUser->ctx, (char*)&connSynAck6, (char*)&connSynAck6, Min8(sizeof(CONN_SYN_ACK_6))/8); +EncryptString((char*)&connSynAck6, (char*)&connSynAck6, Min8(sizeof(CONN_SYN_ACK_6)), &iaUser->ctx); return Send(sip, iaSettings.GetUserPort(), (char*)&connSynAck6, Min8(sizeof(CONN_SYN_ACK_6)));; } //----------------------------------------------------------------------------- @@ -1446,8 +1455,10 @@ for (int j = 0; j < DIR_NUM; j++) iaUser->rnd = static_cast(random()); connSynAck8.rnd = iaUser->rnd; -connSynAck8.userTimeOut = iaSettings.GetUserTimeout(); -connSynAck8.aliveDelay = iaSettings.GetUserDelay(); +printfd(__FILE__, "Sending CONN_SYN_ACK with control number %d.\n", iaUser->rnd); + +connSynAck8.userTimeOut = iaSettings.GetUserTimeout().GetSec(); +connSynAck8.aliveDelay = iaSettings.GetUserDelay().GetSec(); #ifdef ARCH_BE SwapBytes(connSynAck8.len); @@ -1456,7 +1467,7 @@ SwapBytes(connSynAck8.userTimeOut); SwapBytes(connSynAck8.aliveDelay); #endif -Encrypt(&iaUser->ctx, (char*)&connSynAck8, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8))/8); +EncryptString((char*)&connSynAck8, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8)), &iaUser->ctx); return Send(sip, iaUser->port, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8))); } //----------------------------------------------------------------------------- @@ -1537,7 +1548,7 @@ for (int i = 0; i < DIR_NUM; ++i) } #endif -Encrypt(&(iaUser->ctx), (char*)&aliveSyn6, (char*)&aliveSyn6, Min8(sizeof(aliveSyn6))/8); +EncryptString((char*)&aliveSyn6, (char*)&aliveSyn6, Min8(sizeof(aliveSyn6)), &iaUser->ctx); return Send(sip, iaSettings.GetUserPort(), (char*)&aliveSyn6, Min8(sizeof(aliveSyn6))); } //----------------------------------------------------------------------------- @@ -1630,7 +1641,7 @@ for (int i = 0; i < DIR_NUM; ++i) } #endif -Encrypt(&(iaUser->ctx), (char*)&aliveSyn8, (char*)&aliveSyn8, Min8(sizeof(aliveSyn8))/8); +EncryptString((char*)&aliveSyn8, (char*)&aliveSyn8, Min8(sizeof(aliveSyn8)), &iaUser->ctx); return Send(sip, iaUser->port, (char*)&aliveSyn8, Min8(sizeof(aliveSyn8))); } //----------------------------------------------------------------------------- @@ -1645,7 +1656,7 @@ SwapBytes(disconnSynAck6.len); SwapBytes(disconnSynAck6.rnd); #endif -Encrypt(&iaUser->ctx, (char*)&disconnSynAck6, (char*)&disconnSynAck6, Min8(sizeof(disconnSynAck6))/8); +EncryptString((char*)&disconnSynAck6, (char*)&disconnSynAck6, Min8(sizeof(disconnSynAck6)), &iaUser->ctx); return Send(sip, iaSettings.GetUserPort(), (char*)&disconnSynAck6, Min8(sizeof(disconnSynAck6))); } //----------------------------------------------------------------------------- @@ -1669,7 +1680,7 @@ SwapBytes(disconnSynAck8.len); SwapBytes(disconnSynAck8.rnd); #endif -Encrypt(&iaUser->ctx, (char*)&disconnSynAck8, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8))/8); +EncryptString((char*)&disconnSynAck8, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8)), &iaUser->ctx); return Send(sip, iaUser->port, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8))); } //----------------------------------------------------------------------------- @@ -1683,7 +1694,7 @@ strcpy((char*)fin6.ok, "OK"); SwapBytes(fin6.len); #endif -Encrypt(&iaUser->ctx, (char*)&fin6, (char*)&fin6, Min8(sizeof(fin6))/8); +EncryptString((char*)&fin6, (char*)&fin6, Min8(sizeof(fin6)), &iaUser->ctx); users->Unauthorize(iaUser->login, this); @@ -1713,7 +1724,7 @@ strcpy((char*)fin8.ok, "OK"); SwapBytes(fin8.len); #endif -Encrypt(&iaUser->ctx, (char*)&fin8, (char*)&fin8, Min8(sizeof(fin8))/8); +EncryptString((char*)&fin8, (char*)&fin8, Min8(sizeof(fin8)), &iaUser->ctx); users->Unauthorize(iaUser->login, this); @@ -1723,30 +1734,3 @@ ip2user.erase(it); return res; } -namespace -{ -//----------------------------------------------------------------------------- -inline -void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password) -{ -unsigned char keyL[PASSWD_LEN]; -memset(keyL, 0, PASSWD_LEN); -strncpy((char *)keyL, password.c_str(), PASSWD_LEN); -Blowfish_Init(ctx, keyL, PASSWD_LEN); -} -//----------------------------------------------------------------------------- -inline -void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8) -{ -for (size_t i = 0; i < len8; i++) - DecodeString(static_cast(dst) + i * 8, static_cast(src) + i * 8, ctx); -} -//----------------------------------------------------------------------------- -inline -void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8) -{ -for (size_t i = 0; i < len8; i++) - EncodeString(static_cast(dst) + i * 8, static_cast(src) + i * 8, ctx); -} -//----------------------------------------------------------------------------- -}